Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Fraudsters Claim To Hack Two Canadian Banks

Two Canadian banks reported that they may be targets of a hack after fraudsters claimed that they electronically accessed personal and account information.

UPDATE

Two Canadian banks have reported that they may be targets of a hack, after bad actors claimed that they electronically accessed personal and account information of a combined 90,000 customers. The attackers have asked for a ransom of 1 Ripple XMR from each, which translates to around $1 million Canadian dollars, or about $771,000 USD at time of writing.

On Monday, both Bank of Montreal and Simplii Financial (the banking subsidiary of the Canadian Imperial Bank of Commerce) announced that “fraudsters” contacted them over the weekend claiming they had accessed certain personal and financial data from customers.

According to a report by CBC News, hackers behind the attack have demanded a ransom from the two banks in the form of the Ripple cryptocurrency. According to the CBC News report, hackers said they used an algorithm to pose as real account holders and use a “lost password” method allowing them to tweak and reset security questions. They were then able to access the accounts.

BMO said that a limited number of customers were impacted: “We took steps immediately when the incident occurred and we are confident that exposures identified related to customer data have been closed off,” the company said in a statement. “We have notified and are working with relevant authorities as we continue to assess the situation.”

The bank, which has 7 million customers overall, added that it believes the bad actors originated the attack from outside the country.

Simplii meanwhile said that approximately 40,000 customers may be impacted. The company added that there is currently no indication that clients who bank through CIBC have been affected.

“Immediately upon learning of the potential issue, Simplii began investigating to understand the claim and verify its accuracy,” Simplii said in a statement. “We also moved quickly to implement enhanced online fraud monitoring and online banking security measures. In addition, Simplii will be reaching out to clients proactively through all channels.”

Simplii told customers in a tweet it would “ensure that 100% all money lost [sic]… will be returned.”

We’re assessing all potential impacts. If a client is a victim of fraud bcuz of this issue, we will ensure that 100% all money lost in an affected account is returned. If ur account was affected by this issue, we will reimburse u for 1 year of credit monitoring. ^Julie

Neither bank responded to multiple emails from Threatpost inquiring about any links between the two breaches; nor whether any money was stolen from customers’ accounts.

James Lerud, head of the Verodin Behavioral Research Team, said the incident appears to be an extortion attempt by the hackers, where they threaten to publish stolen data unless they receive a ransom.

“It’s hard to say what the motivation for demanding the ransom is,” he said. “It could be that the data stolen isn’t as valuable as they are making out to be, or if the hackers are looking for a cherry on top of their haul and would just use the stolen information after a ransom was paid.”

Tim Erlin, vice president of product management and strategy at Tripwire, told Threatpost that attackers generally target banks because, put simply, that’s where the money is. “Ultimately, the biggest threat is the loss of money, but the mechanisms by which an attacker might execute such an attack can vary,” Erlin told Threatpost. “There’s no single, biggest threat for banks to address outside of complexity. The more complex the environment, the greater the attack surface.”

To protect themselves, consumers should always use a complex password and PIN, and regularly monitor their accounts for signs of unusual activity.

This story was updated June 1 at 9:45 a.m. with information on the ransom demand and the total number of customers affected.

Discussion

The most tragic thing is that telephone centres for Equifax and Trans Union- credit monitoring agencies are in INDIA.
After having your accounts and private info hacked and money stolen, you're supposed to call these centres for stolen identity protection.

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.